Update:Google has stated that they are working on a change to their system which will anonymize all data collected from their suggestion services (including Chrome) after 24 hours. This is exactly the sort of thing I was hoping for. Good job Google!Update: Maybe Google’s new privacy policy isn’t good enough after all.

A friend of mine let me in on some info about Google’s secret Chrome project about 6 months ago but I didn’t get to actually try it till yesterday. I’m pretty impressed with some of their new innovative features like independent processes for tabs, compiled javascript, and the incognito mode.

But then I realized something huge. If you use Google Chrome, Google will know every URL you type into the location bar. More than that, they will know (almost) every partial URL you type into the location bar. More than that, they will know every word or phrase you type into the location bar, even if you type it and then delete it before pressing enter. More than that, all this information can be linked with your main Google account, because Google sends your cookie along with every automatic search it performs from the location bar. Chrome will use the cookie of whatever Google account you are currently logged into.

No other browser that I know of uses an automatic search/suggest feature in the location bar. The location bar is where you type the address of the site you want to navigate to. Firefox uses a suggest feature in the search bar. It makes sense to do it there. Google.com now has auto suggest on their homepage. It makes sense there too. Now it makes sense to also have it in the location bar in terms of a nice helpful feature. But in terms of privacy I think this is a new low. I think Google should, at the least, not be sending your cookie out with these searches. But even then they could be connected to you by IP.

Don’t believe me? Go download the Wireshark packet sniffer and do some tests for yourself.

Now to be fair it seems they don’t auto suggest once you’ve typed “http://&#8221; but who actually types that anymore? There are also some timing issues, if you type really quickly and hit enter the auto suggest may not be attempted.

I’m sure there’s a team of Google data mining engineers somewhere who are giddy as shit about having all this information once Chrome becomes more widespread.

Update: Google responded to a CNET story about this issue regarding their data retention policy:

A Google representative told CNET News that the company plans to store about 2 percent of that data–and plans to store it along with the Internet Protocol address of the computer that typed it.

Update: As Rushi Vishavadia points out, the data will be sent to whatever search engine you set in the options. Of course it will default to Google but if you were to change it to Yahoo or MSN they would be receiving this data instead of Google.

Here’s an example of what Chrome is sending to Google while I’m typing the URL http://www.whatismyip.com into the location bar:
GET /complete/search?client=chrome&output=chrome&hl=en-US&q=ww HTTP/1.1
GET /complete/search?client=chrome&output=chrome&hl=en-US&q=www HTTP/1.1
...
GET /complete/search?client=chrome&output=chrome&hl=en-US&q=www.what HTTP/1.1
...
GET /complete/search?client=chrome&output=chrome&hl=en-US&q=www.whatismyip.c HTTP/1.1
GET /complete/search?client=chrome&output=chrome&hl=en-US&q=www.whatismyip.co HTTP/1.1
GET /complete/search?client=chrome&output=chrome&hl=en-US&q=www.whatismyip.com HTTP/1.1

Here’s an example when I’m typing the search query “how to cheat on taxes” into the location bar:
GET /complete/search?client=chrome&output=chrome&hl=en-US&q=how HTTP/1.1
GET /complete/search?client=chrome&output=chrome&hl=en-US&q=how+t HTTP/1.1
GET /complete/search?client=chrome&output=chrome&hl=en-US&q=how+to HTTP/1.1
GET /complete/search?client=chrome&output=chrome&hl=en-US&q=how+to+c HTTP/1.1
...
GET /complete/search?client=chrome&output=chrome&hl=en-US&q=how+to+cheat+on+tax HTTP/1.1
GET /complete/search?client=chrome&output=chrome&hl=en-US&q=how+to+cheat+on+taxe HTTP/1.1
GET /complete/search?client=chrome&output=chrome&hl=en-US&q=how+to+cheat+on+taxes HTTP/1.1

Even if I never pressed enter to submit the above search to Google, they would still have this data and be able to link it to my account.

I should point out this feature can be disabled by going to Options -> Manage -> Uncheck “Use a suggestion …”

Like this:

LikeLoading...

Related

This is definitely going to strike fear into every person who looks at or type in sites they shouldn’t while using chrome. You know who you are, and you should be afraid. Afraid because whether you’re using chrome or not, you’re doing something bad. And that’s stupid. And eventually it will make you sad. And being sad is scary. Here’s a tip, don’t do bad things.

Yeah, Google Chrome is an awesome browser, I just don’t use it because I use Firefox. And Chrome is just like a keylogger: it saves whatever you type in it and sents to Google. But I think they’ve changed this now with the latest version.

So what you are telling me is that I can overload google’s data miners by writing an app that will do pointless searches all day. Then I can pass this app on to everyone else who has virtually unlimited internet. Do you think they limit it to a max # of times per IP?

this isn’t that scary at all. there’s only one way to make recommendations as you type – and that’s to submit the data as it’s being typed. this happens in firefox, IE, and safari if you use pretty much any modern search feature on most popular webpages.

i’d be more scared if this was happening while I was typing in a textbox like the one i’m using now to make this comment…

@mjg: I think you missed the part where this is happening in the location bar. The place where you usually type the URL of websites. In all other browsers this happens in the search bar, not the location bar. All other browsers won’t send the URLs you type into the location bar to a search engine for suggestions, but that is what is occurring now with Chrome.

And when you click through on a search result on Live Search, Yahoo, Google, Amazon, Wikia, etc., the Web site you click through gets recorded on their servers.

I don’t see where you’re going with this. Yes, the browser is sending data to be used to aggregate suggestions. And yes, the address bar and the search bar are the same in Chrome. But this kind of aggregated anonymized data is very *very* old stuff. Yahoo’s been doing it for years. You just happened to notice this kind of conventional technology with this browser.

This is just ur last option to find some controversy out of this.. Nothing else. This is something what most of the modern browsers do now.. (not sure about Ie8)… There is nothing to fear about if u don’t have a criminal cyber-life…

To me the automatic search/suggest feature could potentially be a windfall for Google, especially as it launches an ad publishing network and ad exchange. The ability to steer traffic to sites running Google AdSense, and to be able to optimize that traffic based on the eCPM of the sites in that network, creates an incredible ability to drive traffic based upon the same Google optimization engine used for AdWords. This is a great thing for Google, but may be a suboptimal solution for users.

This clearly eliminates the middle man in Google’s path to unfettered access to as much data as Google’s thousands of servers can process and leverage in it’s desire to deliver more “relevant” ads. Please, since when did relevant ads have value. Relevant content and news, great. Relevant ads are the creation online advertisers and those who are willing to continue to drink that kool-aid.

You may also want to read the privacy policy associated with the install, prior to the install. It’s pretty telling.

This IS Evil! You know, for years sites like Scroogle have been warning everyone about the really questionable business practices going on over at Google – and their incredibly tongue in cheek Mission Statement “Do No Evil”. Google needs to switch from their ad based corporate philosophy to more of a bank one. There are ways to target folks with appropriate ads without all of this intrusive spyware, and don’t even think of arguing with me here, this IS Spyware! In fact 90% of their products feature spying and data mining storage with virtually no expiration date. I used to think Microsoft’s Privacy Policy was bad – no more. Google now tops the list of worst privacy violator with Chrome. SHAME ON YOU GOOGLE! Put our Privacy FIRST from now on, ads second, or you ARE going to lose ALL of your customer base. For Privacy is OUR first concern. Doubt it? Put out one more product like this and watch your public turn on you like hyenas with the smell of fresh blood in their noses.

[…] resolve some of their issues. Google’s url bar is also a search bar and suggests urls. This information is then connected with your IP address and passed along to Google. If you’re viewing chan, slash, sexually explicit fanart, this […]

This sounds like that they want to know everyone’s every move. It can be good and bad. The good side is they could monitor people that could be a threat, the bad side is that they know everything you do.

Has anyone else been successfully able to actually turn off the auto suggest feature? I have read the instructions and unchecked that box, but it does not work and they still continue to fill in suggestions. Was just curious if this is just my computer or if others have been successful in turning if off?

i’m having similar problems with Google’s preferences, it doesn’t keep them, especially two i’m big on:
– show search results in new window; it never remembers this one, i have to set it back on again and again and again…
– whenever i set the auto suggest feature off it lasts only for the session i’m on,
actually i have to reset all of my preferences each and every time i start a new session,
i tried to contact Google about that, yeah, well, tough luck, there’s no way to contact them directly that i know of — well, you could actually send them a letter by mail… — you keep being redirect around and around on their multiple Help, FAQ and Forums pages, not one giving you direct access to them, not a one…

…err. This is not a privacy issue at all. Those data collected by Google are stored on an indexing machine and will be used as search queries. After that, they’ll be deleted. Anyway, your IP address and private information isn’t sent. Just the search queries. These things are the same data sent to Google when you search for something using their main web page — or if you use Firefox search.

Any web developer can tell you that IP addresses don’t need to be “sent”. Whenever any communication takes place on a standard HTTP link both computers (or in this instance your home & Google’s servers) already know each other’s IP address.

Chrome is Free Software. If people have a problem with this behavior you can be assured that it will be forked. Google just wants to get the technology out there and inspire improvement and standards compliance in browsers so that people can use their apps so they can continue to challenge Microsoft. Google isn’t really counting on Chrome to report back everything you do.

Google’s 2% is what they story. Clearly they don’t mention what data they actually sell or give out to outsiders, like the fed. gov’t. Really the whole internet is going this direction, where everything about you will be datamined, to the point that they pretty much will have a physical and psychological profile on you, and can thus predict your likes and dislikes, habits and thought process before you have even done anything. It is really disturbing, and it is sad that people are starting to get a little angry now when we should have been angry in the 90’s.

Pretty scary. But maybe Google somehow now has the bad image Microsoft had when they took over Netscape. So people (especially those who care) won’t use Chrome. Instead they tend to the great alternatives such as Safari, Konqueror, iCab, Firefox, Mozilla, …

Also, Firefox sends out data as well when using the search field next to the address bar. Try Google, Yahoo, Answer.com, etc. Most of the search providers that come with the default install of Firefox 3 will query the providers web-service to return relevant results.

[…] lusty desires from life partners; many privacy advocates state that Google will have insight into anyone’s Web browsing habits, Web searches, e-mail, contacts, photos, GPS and location all at a click of a button. Now, this is […]

You’re still missing the point from this article. If you’re looking for something and you press the link and gets recorded, well at least you know it’s being recorded and never click on something suspicious.

Let’s say for example, I’m looking for a song to download or a crack to test the full features of a software before I buy it, If I’m looking that up in a search engine, they’ll know about me since this is illegal. But If I already know the website I need to access and I’m typing it in my browser’s address bar, I don’t want them to know about it.

This is just one example of privacy invasion. In addition to the fact that I don’t want to allow them to record my URLs, searches, etc.

[…] information more accessible can only be good (even to the point of surveillance). But Google gets scarier every day, and it has bought YouTube. Wikipedia’s still good, but it will never be anything but a mess. […]

I discovered a major privacy vulnerability in Google Toolbar. Most people know that to clear your search history, you click “clear history” in the drop-down menu that appears under the search box. But this only clears your WEB search history! What people don’t know is that there is a separate search history for Google Images, Google News, Google Groups, etc. These additional histories DO NOT CLEAR when you clear your web search history! If you click on the little square icon with a ‘G’ on the inside left of the search box, you can switch the search function to images, news, maps, groups, etc. The little square icon will change when you do this, and the search history for EVERYTHING YOU HAVE EVER TYPED will be available for those search types, no matter how many times you have cleared the web search history! The “clear history” option is not global!

So, if you have ever searched Google Images, Google Groups, Google News, etc and have not cleared the history list for each one, everything you have ever searched for in those is still available for anyone to view.

thanks for the article. pay no attention to the disinformation trolls here telling you this is no big deal. they are hired writers that work for PR. they say no big deal. blah, blah, blah. but if it wasn’t a big deal, then you wouldn’t see so much energy spent on trying to convince you that this isn’t a breach of privacy.

Can’t say I’m worried, let them know that I download songs and watch movies, they can kiss my ass, try and prove it was me and not a hacker accessing my wireless modem, my computer will be smashed in my bath tub as soon as I see those ‘vans’ pull up, lol. Mmmkay??

Hey you all who think this is nothing to worry about:
THIS IS HOW THE FUTURE IS BEING SHAPED. You yourselves are taking part in creating the possible Orwellian control state. If your kids could go back in time from 2050 to this day to witness your statements now, what do you think they would think of you?

Personally I’m still sticking with Firefox, mainly because of all it’s addons. I like what I’ve seen of Google Chrome, and will probably give it another go once it is out of beta (All Google software comes out of beta eventually, doesn’t it? :P)

[…] a browser based on Chromium code base. Iron uses the latest of webkit and ensures that some of the privacy issues associated with Google Chrome are not present. It uses the same user interface as Google Chrome so […]

If Google uses the combined OS/Browser to cache info on the Google cloud, whether they anonymize it or not, they can do much more than just know what URL you are searching.

They can look at the cache an VIEW the same page you are viewing. With an integrated browser, they have no constraints on where the page is cached.

Which means … even if they don’t have your password for a secured site, they can still see what you are seeing (you’ve logged in for them) via packet sniff or system administrator monitor.

The court ruled that Microsoft violated antitrust rules when they tried to integrate and bundle the browser with the OS.

Google has taken this troubling development one step farther. They not only are integrating the browser and the OS, but they are storing the data YOUR DATA on their system. In other words, it’s no longer yours. You have no control over what they do with it or whether they view it.

This situation is far more serious than the problems caused by Microsoft’s attempts to integrate browser and OS. This gives Google the technology to spy on everything you visit, not just the URL or partial URL, but the actual data on the page, the data in the cache. Reconstructing it on their system would be trivial.

They would be the most powerful entity on the planet if they had this capability and naive users might hand it to them because they don’t understand the technology.

one might say that privacy is only important for those who do “bad” things, and that one should avoid doing such things, and to some extent I would agree with the earlier sections of the statement.

privacy is for bad people. but what is a bad person? in this world, being jewish, black, gay, ugly, fat, demented, and so forth can mean you are bad and can lead you to be subjected to the forces of the social world.

maybe as a result of being detestable, you might find an unwelcoming party waiting for you in the bathroom when you didn’t expect it. maybe you don’t get a position at work that you would’ve otherwise gotten if your name didn’t sound like Osama or Ahmadinejad.

maybe the insight, the helpful, humanistic insight you provide to your community is now useless because someone found out that you’re a woman. a woman who isn’t even controlled by a God-loving man!

maybe privacy is for bad people – it’s for the bad people who don’t want to get fucked by the good people.

8.4 Google acknowledges and agrees that it obtains no right, title or interest from you (or your licensors) under these Terms in or to any Content that you submit, post, transmit or display on, or through, the Services, including any intellectual property rights which subsist in that Content (whether those rights happen to be registered or not, and wherever in the world those rights may exist). Unless you have agreed otherwise in writing with Google, you agree that you are responsible for protecting and enforcing those rights and that Google has no obligation to do so on your behalf.

Yet also Opera works like Chrome. One can just use the address bar for a search. And that search will be done bij Google. Try it, you will see a lot of your history show up in the address bar. So, using Opera that way may not be that much different. Google pays Opera for using their engine. So, where will the information be stored?

[…] It basically was an cyber-attack originating from China, targetting google mail accounts of chinese human rights activists and non-chinese advocates of human rights in China. Fortunately, the attack was not a huge success, meaning not much data was compromised. Maybe some of you know Google’s “Don’t be evil”-slogan and how ridiculous it sometimes seemed, since they censored stuff and (still) collect fast amounts of user data. […]

I think I’ll stick with Firefox, I’m using 3.6 and its pretty quick, sure Chrome may perform faster but to the average user it’s barely noticeable. FF with adblock plus is the way to go, I could never imagine life without it, I’m sure Firefox will be overtaken by Chrome one day and that will be sad.

When I think of Google, I keep thinking Skynet (one for the Terminator fans), lol, just joking but I think it’s idiotic to hand over so much information to a corporation

Regardless of the website used, expect to be tracked, for “”authorities are interested in your actions””, this is an action taken since the beginning of recorded history and will continue until the extinction of mankind (Sooner than we think). Sad that we need to justify any action much less those we consider educational for personall reasons.I’m too damn old to care about personall privacy, but realize issues presented through secret intrevention which has occurred since recorded history.Orwells “1984” film about “BIG BROTHER IS WATCHING” comes to mind. Keep this in perspective you of the younger generation, and realize the advancements to technologies since my generation.Be AWARE of the potential chasing you.

Google doesn’t get it. Anonimizing the service is simply not enough. The point is they shouldn’t be watching what I type into the URL to begin! That’s like saying it’s ok to install cameras in the bathroom because you remove the faces after 24 hours.

What’s the problem? Google gets your search anyway when you press Enter, the only additional info they get from this tracking data is how many spelling mistakes you’re making. And you get the benefit of not having to necessarily type the whole string before your search completes

The problem I have is I don’t like searching on ebay for a tablet for my kids birthday, and then suddenly, I fork a new tab to google the specs of a particular tablet, and I have an advertising banner that says “Apps. Angry Birds is in the Chrome Web Store”. At first I found this highly coincidental, but then chrome went back to normal. 2 days later, I go to look at tablets on ebay again, i fire up a new tab to search the specs of a particular tablet, and again I get advertising for the Google appstore. It seems pretty evident that my activities are being monitored and advertising is being pointed at me based on the URLS I am visiting (of which ebay use very long ones like /Some-Tablet-For-Sale-7″-3G-etc-etc/ so its pretty damned obvious use using a textual analysis of the URL what I’m looking at. I still find leveraging off this to give me a targetted ad, without my consent, a gross invasion of my privacy.

There is another side to the browser search issues that I never see referenced anywhere. Internet search is not all about tastes and desires. Sometimes you need to research something you don’t personally want to have. It is not a personal preference, but it may be your responsibility. Clinic purchasers research lots of pharmaceuticals, syringes, and condom specifications. That doesn’t mean they are addicts or want to learn where they can get recreational drugs on the net. (Condoms, it turns out, vary widely in composition, diameter, length, strength, as well as the other features for which they may be better known like color, flavor, texture, etc. If your clinic offers too narrow of a product range, patients may not realize there are products that could work for them and have more unprotected sex, placing them at greater risk of STDs.) Responsible parents research things they hear their kids or neighbors talk about because they want to protect them against harmful products or influences, STDs, and other bad outcomes. Cops research pedophiles. The cops doubtless have special firewalls or other protections built into their work senvironments, but the rest of us don’t necessarily get those protections. We shouldn’t all have to set up anonymous email accounts on separate computers to avoid having “helpful suggestions” that constantly remind us of these things and associate our personal identities with them. The idea that everyone who searches for something wants to have it, and have it on and ongoing basis, is absurd. This is the fundamental flaw I see in all interenet search.

This webpage is not available
The webpage at https://mail.google.com/mail/?tab=wm might be temporarily down or it may have moved permanently to a new web address.
Error 201 (net::ERR_CERT_DATE_INVALID): Unknown error.

To all the idiots who say “if you’re doing nothing wrong”… Let me spell this out for you.
Google are now collecting every URL that you enter.

Lets say you enter the URL of two companies, “Ford” and “General Motors”. URL’s not search engine queries. Next you decide to do a search engine querey for Mazda dealers near you.

Google looks at your query, AND it looks at your previous URL searches. Google may now chose not to give you a generic response to your search for the word “Mazda”. Instead, it fills teh search response with people who have paid to be there. People who are competitors of the three firms.

Google has your IP address. It probably has your email. It may have your home address and phone number. Suddenly you start receiving SPAM from these advertisers, on the phone, in your email and through your letter box.

Google data miners collect data on you and your family. They can quickly sell a profile of you to anyone who wants the information. How often you switch gas suppliers, when your home insurance is due. How often you use ebay, gamble on line, what your hobbies are, who you bank with, where you went on holiday.

I realised that Chrome was doing this 20 minutes ago. I love it, it’s a great little browser, but it will be uninstalled in 5 minutes time.

I have to agree with those concerned for the future. Small changes like this may make for a world nobody wants to live in. If you dont draw the line now, precidents have been set and you may find they are hard to overturn. Privacy is not only for those who break the law. I close the door when i go to the bathroom, not because taking a dump is illegal, but because i’d like some privacy. We put blinds on our windows not to hide our criminal activities but because privacy is a principle of humany society. Sex in public is prohibited, this MUST be performed in private. Privacy is the cornerstone of human rights, and allowing a company to retain everything you do when at your computer is simply ignorant. Im removing everything google from my computer and i’ll likely install some packet sniffing tools to monitor what other applications send. I hope others out there will take notice of these sublte liberties we’re giving up, and do something to stop it. Join me…REMOVE/BOYCOTT GOOGLE APPLICATIONS.

When I originally commented I appear to have clicked on the -Notify me when new comments are added- checkbox and now each time a comment is added I recieve 4 emails with the exact same comment. Is there a way you are able to remove me from that service? Thanks a lot!

It is a bit scary. At some point or another, data will leak. It happened before for another company, it probably will happen to Google at some point.
Ok, we all search for things we are embarrassed to talk about, some things we may feel we would have to leave this planet if they got out in the open, but in reality these things aren’t going to be publicized even if they are stolen, and if there is any harm, just sue them to hell.

To be honest, what I am more scared of is linking accounts. All accounts everywhere seem to be linking together now. Is it really safe? It’s not like we use different passwords for the zillion accounts we have to make on the web.

google is the satan they r scary they dont care they need 2 b sued they let others place false info on u and dont click on a site every site out there has your info and they wont correct it if any of the complaints secide 2 sue im with u i uninstalled mi google chorme its the satains web site, later im even scared 2 submit this form cause the want your name scary e mail scary website scary

Hi, I do believe this is an excellent website. I stumbledupon it
;) I will come back once again since i have book-marked it.
Money and freedom is the greatest way to change, may you be rich and continue to guide others.

Definitely consider that that you said. Your favourite reason seemed to be at the net the easiest thing
to understand of. I say to you, I certainly get irked while other folks think about concerns that they plainly
do not recognize about. You controlled to hit the nail upon
the highest as neatly as defined out the entire thing without having side effect , folks can take a signal.

[…] our Founding Fathers when they drafted the U.S. Constitution to respect the fundamental right to privacy. Technology is a two-edged sword because while it provides us freedoms that we never had access to, […]

I’m quite astonished by the type of conversation that arose here. WOW, Google, really grinds your gears, doesn’t it? To be fair, I think it’s quite important to know what is happening to your personal data and all of that, but I can’t totally agree with the statement that ‘Google will know everything about you once you use their search engine.’ I mean, yes, they do scan through the phrases you look for but..that’s how they work! (96% of their annual revenue comes from advertising, DUH!) And together with that you get the good quality of search. So maybe before you start to panic, install AdBlock if you’re really bothered by the ads poping up on the websites and yeah..don’t expect Google to come after you.